Report calls for wider use of electronic signatures in verifying e-Government service users' identity

Out-Law News | 07 Feb 2014 | 9:54 am | 2 min. read

Electronic signatures (e-signatures) should be relied upon more often as a means for verifying the identity of individuals seeking to use online services within the EU, according to new reports

The reports, published by EU advisory body the European Network and Information Security Agency (ENISA), said regulators should encourage "a wider use" of e-signatures as an "authentication mechanism" for accessing 'trust services'.

According to proposed reforms to EU legislation, a trust service provider (TSP) is a business that provides "any electronic service consisting in the creation, verification, validation, handling and preservation of electronic signatures, electronic seals, electronic time stamps, electronic documents, electronic delivery services, website authentication, and electronic certificates, including certificates for electronic signature and for electronic seals".

ENISA conducted a survey of 51 existing TSPs and has made a number of recommendations about how to improve the way those services operate and the security they provide.

The security agency said there were currently "barriers" to the "cross-border interoperability" of e-signature mechanisms and called for those obstacles to be removed.

"Full adoption of e-signature standards should be reached, to achieve full interoperability," ENISA said. "Full adoption of e-signature format standards by TSPs should be reached in order to be capable to validate any of them."

ENISA also recommended that "independent time stamp services" should be applied to all transactions made through online Government service platforms and that there should be "end-to-end encryption" to ensure the security of information passed over networks during the processing of transactions.

"It is vital for business and governments across Europe that citizens trust their online services and therefore implement the best technical e-signature solutions," ENISA's executive director Professor Udo Helmbrecht said. "These best practices need to be constantly reviewed through frequent risk analysis in order to keep up with the technical developments and overcome evolving cyber security challenges."

In 2012 the European Commission outlined a draft new Regulation on electronic identification (e-ID) and trust services. The Regulation is aimed at making it easier to verify the identities of individuals by giving recognition to individuals' e-IDs when making online transactions.

The Commission has previously said that "common EU rules on legal recognition of e-ID" and for trust services would help facilitate more online, cross-border, trade within the EU.

The plans on e-IDs would allow EU member states to "opt in" so that their e-ID schemes will be "mutually recognised" by other EU countries. In return for doing so those countries would be obliged to mutually recognise the schemes operated by the others who sign up to the scheme.

Currently a number of EU countries operate a range of different e-ID schemes that allow individuals within those countries to complete transactions or access services online, rather than via traditional face-to-face or paper systems.

The UK Government is currently in the process of creating its own ID assurance scheme for a raft online public services currently being digitised. Earlier this month, expert in financial services and technology John Salmon of Pinsent Masons, the law firm behind Out-Law.com, encouraged the financial services sector to adopt ID assurance standards too. He said doing so could "promote the concept of 'digital passporting' between services" offered in the industry.